Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3136372e302f32342d3234203d3e20313937353337.roa
File:                     3130392e3131302e3136372e302f32342d3234203d3e20313937353337.roa (raw, json)
Hash identifier:          Zog+sWjfdp7kzaq0pM4AVGFIgQiDN+XI5ktKeXQmAkc=
Subject key identifier:   3F:B3:5B:C7:14:22:8A:A9:48:79:ED:9C:C1:FB:3A:02:46:01:B9:9E
Certificate issuer:       /CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
Certificate serial:       4A118B40446C01FF803FB4C16A4532A0E8F048A4
Authority key identifier: 7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3136372e302f32342d3234203d3e20313937353337.roa
Signing time:             Thu 23 May 2024 16:58:48 +0000
ROA not before:           Thu 23 May 2024 16:53:48 +0000
ROA not after:            Thu 22 May 2025 16:58:48 +0000
asID:                     197537
IP address blocks:        109.110.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:11:8b:40:44:6c:01:ff:80:3f:b4:c1:6a:45:32:a0:e8:f0:48:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7adf63e375b0b785081b5945b1d18d9de86e0efc
        Validity
            Not Before: May 23 16:53:48 2024 GMT
            Not After : May 22 16:58:48 2025 GMT
        Subject: CN=3FB35BC714228AA94879ED9CC1FB3A024601B99E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:3d:86:0a:bb:e6:67:77:34:86:5e:10:2a:69:
                    0b:d6:62:d5:30:18:68:68:f3:29:7b:fe:25:83:f5:
                    d3:9a:bd:cc:bd:cf:e1:2b:2e:5a:3b:3e:a0:bf:e4:
                    06:10:e1:f8:0d:68:96:0b:44:86:27:6c:f0:a2:bd:
                    6a:00:b2:3f:08:a7:d0:f3:d8:84:df:13:9c:87:76:
                    38:c4:13:16:08:02:ec:7c:93:1b:bf:4b:77:ff:4c:
                    89:35:94:d9:51:86:11:e4:31:a9:48:8c:49:68:17:
                    61:11:4d:b0:f4:02:05:f0:53:68:ae:3b:5c:ff:9e:
                    4b:c0:67:14:d0:71:31:75:8c:ce:91:89:03:88:b2:
                    e1:51:d5:fb:91:03:6d:74:8e:55:93:62:9d:f6:e3:
                    a0:fa:2b:09:81:50:b6:64:c8:00:54:f7:2a:6a:ab:
                    68:67:00:9b:6a:6b:ce:03:7d:6c:e2:c1:c6:7c:2a:
                    fa:8a:d5:85:d0:1e:d6:47:6c:ed:04:7d:7f:b2:e7:
                    d6:54:1d:6d:af:1b:6f:1b:67:76:52:3d:5f:28:12:
                    01:a8:05:57:0a:08:58:d2:3c:f6:58:c7:d4:ee:44:
                    6f:5f:4a:e9:3b:54:7b:31:f0:26:63:c9:af:6d:6f:
                    c7:b5:04:c7:36:ea:08:a5:70:14:60:d0:26:8b:5d:
                    59:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:B3:5B:C7:14:22:8A:A9:48:79:ED:9C:C1:FB:3A:02:46:01:B9:9E
            X509v3 Authority Key Identifier:
                keyid:7A:DF:63:E3:75:B0:B7:85:08:1B:59:45:B1:D1:8D:9D:E8:6E:0E:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/7ADF63E375B0B785081B5945B1D18D9DE86E0EFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/et9j43Wwt4UIG1lFsdGNnehuDvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/aee3d58d-904a-4375-bf93-8b5f38cab002/0/3130392e3131302e3136372e302f32342d3234203d3e20313937353337.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.110.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:16:e1:55:24:df:54:c4:3b:02:86:61:03:b5:b6:dc:fd:27:
         e6:02:6f:9f:22:67:5a:a1:2e:e2:b8:aa:fe:5d:d7:3b:2f:6a:
         6c:69:cb:69:ed:04:ed:03:59:88:c1:e7:a5:e1:18:f1:1e:c7:
         37:49:21:02:7a:18:07:04:96:00:04:54:6c:1d:04:58:25:06:
         6b:90:95:08:da:bf:31:c9:e1:ca:95:02:12:26:b6:70:d1:e0:
         2f:63:21:27:88:f0:b2:df:e9:9d:02:fc:cd:d2:9d:6d:83:b4:
         67:a0:e0:b2:7b:90:ff:91:87:58:dc:f6:03:cc:12:4a:78:a6:
         c0:73:05:d5:c6:1b:57:bc:ae:46:b7:4f:ab:e9:5d:38:89:03:
         0a:a5:cf:eb:e1:a6:bb:30:62:0c:30:2d:b7:d9:ea:e6:a4:07:
         01:da:dc:98:64:f9:38:b1:ba:87:8a:d2:97:f1:b4:8a:77:e9:
         c8:b6:ad:ef:22:24:87:7f:5b:c9:06:49:c3:26:17:74:ca:15:
         f2:39:d1:c9:00:fe:41:d6:84:1b:62:65:16:17:ad:0e:96:ae:
         e6:14:1b:b3:37:fa:4e:82:e9:ab:df:49:dd:e8:e2:1e:fe:79:
         51:7d:a9:ae:85:a1:72:79:6f:4c:63:d8:9e:8d:20:54:6a:56:
         2c:10:9a:b4
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgIUShGLQERsAf+AP7TBakUyoOjwSKQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2FkZjYzZTM3NWIwYjc4NTA4MWI1OTQ1YjFkMThkOWRl
ODZlMGVmYzAeFw0yNDA1MjMxNjUzNDhaFw0yNTA1MjIxNjU4NDhaMDMxMTAvBgNV
BAMTKDNGQjM1QkM3MTQyMjhBQTk0ODc5RUQ5Q0MxRkIzQTAyNDYwMUI5OUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD4PYYKu+ZndzSGXhAqaQvWYtUw
GGho8yl7/iWD9dOavcy9z+ErLlo7PqC/5AYQ4fgNaJYLRIYnbPCivWoAsj8Ip9Dz
2ITfE5yHdjjEExYIAux8kxu/S3f/TIk1lNlRhhHkMalIjEloF2ERTbD0AgXwU2iu
O1z/nkvAZxTQcTF1jM6RiQOIsuFR1fuRA210jlWTYp3246D6KwmBULZkyABU9ypq
q2hnAJtqa84DfWziwcZ8KvqK1YXQHtZHbO0EfX+y59ZUHW2vG28bZ3ZSPV8oEgGo
BVcKCFjSPPZYx9TuRG9fSuk7VHsx8CZjya9tb8e1BMc26gilcBRg0CaLXVk5AgMB
AAGjggJBMIICPTAdBgNVHQ4EFgQUP7NbxxQiiqlIee2cwfs6AkYBuZ4wHwYDVR0j
BBgwFoAUet9j43Wwt4UIG1lFsdGNnehuDvwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQtOTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2Fi
MDAyLzAvN0FERjYzRTM3NUIwQjc4NTA4MUI1OTQ1QjFEMThEOURFODZFMEVGQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2V0OWo0M1d3dDRVSUcxbEZzZEdObmVo
dUR2dy5jZXIwgbEGCCsGAQUFBwELBIGkMIGhMIGeBggrBgEFBQcwC4aBkXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWVlM2Q1OGQt
OTA0YS00Mzc1LWJmOTMtOGI1ZjM4Y2FiMDAyLzAvMzEzMDM5MmUzMTMxMzAyZTMx
MzYzNzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMxMzkzNzM1MzMzNy5yb2EwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAG1upzANBgkqhkiG9w0BAQsFAAOCAQEAHhbhVSTfVMQ7AoZhA7W23P0n5gJv
nyJnWqEu4riq/l3XOy9qbGnLae0E7QNZiMHnpeEY8R7HN0khAnoYBwSWAARUbB0E
WCUGa5CVCNq/McnhypUCEia2cNHgL2MhJ4jwst/pnQL8zdKdbYO0Z6DgsnuQ/5GH
WNz2A8wSSnimwHMF1cYbV7yuRrdPq+ldOIkDCqXP6+GmuzBiDDAtt9nq5qQHAdrc
mGT5OLG6h4rSl/G0infpyLat7yIkh39byQZJwyYXdMoV8jnRyQD+QdaEG2JlFhet
Dpau5hQbszf6ToLpq99J3ejiHv55UX2proWhcnlvTGPYno0gVGpWLBCatA==
-----END CERTIFICATE-----
Generated at Sun Jun 16 06:42:16 2024 by rpki-client on console-ams.rpki-client.org